Re: DOS against SuSE's identd

From: Alan Brown (alanat_private)
Date: Mon Aug 16 1999 - 19:24:13 PDT

Next message: Chmouel Boudjnah: "Re: Mandrake 6.0 .Xauthority"

Previous message: Robert Graham: "AOL Buffer Overflow???"
Maybe in reply to: Hendrik Scholz: "DOS against SuSE's identd"
Next in thread: Seth R Arnold: "Re: DOS against SuSE's identd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 14 Aug 1999, Hendrik Scholz wrote:

> The inetd.conf starts the identd with the options -w -t120
> -e.
> This means that one identd process waits 120 seconds after
> answering the first request to answer later request.

No, it means that the identd is persistent and will shut down after 120
seconds of idle time.

What ends up happening is that a master identd process spawns a child
for each request and you're running into a basic FD-based DoS attack.

AB

Next message: Chmouel Boudjnah: "Re: Mandrake 6.0 .Xauthority"
Previous message: Robert Graham: "AOL Buffer Overflow???"
Maybe in reply to: Hendrik Scholz: "DOS against SuSE's identd"
Next in thread: Seth R Arnold: "Re: DOS against SuSE's identd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:41 PDT